Department of Homeland Security
Office of Inspector General

Transportation Security Administration's
Management Letter for FY 2010 DHS
Consolidated Financial Statements Audit

OIG-11-58                                            March 2011

Office of Inspector General
U.S. Department of Homeland Security
Washington, DC 20528

MAR 21 2011

Preface

The Department of Homeland Security (DHS) Office of Inspector General (OIG) was
established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment
to the Inspector General Act of 1978. This is one of a series of audit, inspection, and
special reports prepared as part of our oversight responsibilities to promote economy,
efficiency, and effectiveness within the department.

This report presents the Transportation Security Administration's Management Letter for
FY 2010 DHS Consolidated Financial Statements Audit. It contains 15 observations
related to internal control that were not required to be reported in the financial statement
audit report. The independent public accounting firm KPMG LLP (KPMG) performed
the integrated audit of DHS' FY 2010 financial statements and internal control over
financial reporting and prepared this management letter.
KPMG is responsible for the
attached management letter dated February 22, 2011, and the conclusions expressed in it.
We do not express opinions on DHS' financial statements or internal control, or provide
conclusions on compliance with laws and regulations.

The observations herein have been discussed in draft with those responsible for
implementation. We trust this report will result in more effective, efficient, and
economical operations. We express our appreciation to all of those who contributed to
the preparation of this report.

Anne L. Richards
Assistant Inspector General for Audits

KPMG LLP
2001 M Street, NW
Washington, DC 20036-3389

February 22, 2011

Office of Inspector General
U.S. Department of Homeland Security, and
Chief Financial Officer
U.S. Department of Homeland Security Transportation Security Agency
Washington, DC

Ladies and Gentlemen:

We were engaged to audit the balance sheet of the U.S. Department of Homeland Security (DHS
or Department) as of September 30, 2010 and the related statement of custodial activity for the
year then ended (referred to herein as “financial statements”). We were also engaged to examine
the Department’s internal control over financial reporting of the balance sheet as of September 30,
2010, and the statement of custodial activity for the year then ended.
We were not engaged to
audit the accompanying statements of net cost, changes in net position, and budgetary resources
for the year ended September 30, 2010 (referred to herein as other fiscal year (FY) 2010 financial
statements), or to examine internal control over financial reporting over the other FY 2010
financial statements.

Because of matters discussed in our Independent Auditors’ Report, dated November 12, 2010, the
scope of our work was not sufficient to enable us to express, and we did not express, an opinion
on the FY 2010 financial statements and we were unable to perform procedures necessary to form
an opinion on DHS’ internal control over financial reporting of the balance sheet as of September
30, 2010 and the related statement of custodial activity for the year then ended. The
Transportation Security Administration (TSA) is a component of DHS. We noted certain matters
involving internal control and other operational matters, related to TSA, that are summarized in
the Table of Financial Management Comments on the following pages, and presented for your
consideration in Section I of this letter. These comments and recommendations, all of which have
been discussed with the appropriate members of management, are intended to improve internal
control or result in other operating efficiencies. These comments are in addition to the significant
deficiencies presented in our Independent Auditors’ Report, dated November 12, 2010, included
in the FY 2010 DHS Annual Financial Report. A description of each internal control finding, not
related to information technology, and its disposition as either a significant deficiency or a
financial management comment is provided in Appendix A.
Our findings related to information
technology systems security have been presented in a separate letter to the Office of Inspector
General and the TSA Chief Financial Officer and Chief Information Officer.

KPMG LLP is a Delaware limited liability partnership,
the U.S. member firm of KPMG International Cooperative
(“KPMG International”), a Swiss entity.

As described above, the scope of our work was not sufficient to express an opinion on the balance
sheet as of September 30, 2010 or the statement of custodial activity of DHS for the year then
ended, and we were not engaged to audit the statements of net cost, changes in net position, and
budgetary resources for the year ended September 30, 2010. Accordingly, other internal control
matters may have been identified and reported had we been able to perform all procedures
necessary to express an opinion on the FY 2010 financial statements and had we been engaged to
audit the other FY 2010 financial statements. We aim, however, to use our knowledge of DHS’
organization gained during our work to make comments and suggestions that we hope will be
useful to you.

TSA’s written response to our comments and recommendations has not been subjected to
auditing procedures and, accordingly, we express no opinion on it.

We would be pleased to discuss these comments and recommendations with you at any time.
This report is intended for the information and use of DHS’ and TSA’s management, the DHS
Office of Inspector General, the U.S. Office of Management and Budget, the U.S.
Congress, and
the Government Accountability Office, and is not intended to be and should not be used by
anyone other than these specified parties.

Very truly yours,

Transportation Security Administration
Table of Financial Management Comments
September 30, 2010

TABLE OF FINANCIAL MANAGEMENT COMMENTS (FMC)

Comment
Reference   Subject

FMC 10-01   Warehouse Inventory System and Procedures
FMC 10-02   Compliance with Human Resources Related Laws
FMC 10-03   Accrued Payroll Controls
FMC 10-04   Accounts Receivable Controls
FMC 10-05   Compliance with the Debt Collection Improvement Act of 1996 (DCIA)
FMC 10-06   Ineffective Controls over the Time and Attendance Process
FMC 10-07   Fund Balance with Treasury Controls
FMC 10-08   Accounts Payable Process
FMC 10-09   Untimely Update of Asset Transfers
FMC 10-10   Undelivered Orders (UDO) Documentation
FMC 10-11   Grant Monitoring and Compliance with the Single Audit Act
FMC 10-12   Review of Journal Entries
FMC 10-13   Review of Service Organizations’ Internal Controls
FMC 10-14   Accounts Payable Balance
FMC 10-15   Lease Accounting and Disclosure

APPENDIX

Appendix    Subject

A           Crosswalk – Financial Management Comments to Active NFRs
B           Status of Prior Year NFRs
C           Management Response

Section I
Transportation Security Administration
Financial Management Comments
September 30, 2010

FMC 10-01 – Warehouse Inventory System and Procedures (NFR No. TSA 10-01)

During our walkthrough of the warehouse inventory system and related processes, we noted that
the Transportation Security Administration (TSA) did not have documented policies and
procedures to ensure that the warehouse management system, supported by a third party
contractor, and related outputs were adequately controlled, monitored, and reconciled to TSA’s
system of record. Specifically we noted that:
- The third party contractor’s inventory system (Warehouse Librarian) password settings did
  not meet the password requirements required per DHS policy including:
  - Password length;
  - Password strength and complexity;
  - Failed password attempts; and
  - Password expiration.
- The third party contractor was not performing monthly audit log reviews of the Warehouse
  Librarian system.
  The Warehouse Librarian has the ability to log the system’s activities.
  However, these logs are not being reviewed by anyone from the third party contractor or
  TSA.
- The Warehouse Librarian System does not lock out application users after 90 days of
  inactivity.
- The daily tape back-up of the Warehouse Librarian System’s data was stored in the same
  room as the server that hosts the production data.
- Reconciliations between the third party contractor’s system and the Sunflower Asset
  Management System (SAMS) were not fully implemented to include the following:
  - Reviews to ensure the assets queried from SAMS and the third party contractor for
    reconciliation is complete and accurate (agrees to the general ledger (GL), includes the
    correct date fields, assets, etc.).
  - Reviews to ensure the reconciliation is accurate (mathematically, etc.).
  - Processes to ensure any significant reconciling items are resolved, recorded, and reviewed
    on a timely basis.

Recommendations:
We recommend that TSA:
- Adopt DHS password security length and complexity requirements for Warehouse Librarian
  with the exception of special characters since Warehouse Librarian will not accept special
  characters in a password string.
- Set Warehouse Librarian passwords to expire every 180 days.
- Review Warehouse Librarian logs on a monthly basis, at a minimum.
- Update warehouse operating procedures to require that Warehouse Librarian accounts are
  manually disabled for any employees following 90 days of inactivity or upon termination of
  employment at the third party contractor, whichever is sooner.
- Prepare an addendum to the Security Equipment Management Manual (SEMM) to describe
  the reconciliation process.

FMC 10-02 – Compliance with Human Resources Related Laws (NFR No. TSA 10-02)

TSA did not fully implement processes and controls to ensure that payroll calculations and
employee’s annual leave balances were properly recorded and supported by available
documentation. In performing our compliance procedures over payroll transactions, we identified
the following:
- 1 Federal Employees’ Group Life Insurance (FEGLI) error as the FEGLI calculation per the
  payroll did not agree with the FEGLI calculator provided on the Office of Personnel
  Management (OPM) website.
- 3 instances where updated Federal Employees Health Benefits (FEHB) enrollments were not
  included in the eOPF as required by policy, however supporting documentation was available
  once requested.
- 3 Thrift Savings Plan (TSP) errors as the TSP deduction was unsupported by an election form
  or substitute documentation.
- 1 error where a FEGLI form was not included in the electronic official personnel file (eOPF)
  and the employee had elected coverage other than standard basic.
- 9 errors where an employee had a discrepancy between the annual and sick leave balances
  listed per the Statement of Earnings and Leave and the webTA timesheet.

Recommendations:
We recommend that TSA:
- Verify all supporting documentation for benefit elections are uploaded in the official
  personnel file (OPF) in a timely manner for both new hires and employee changes.
- Implement procedures to ensure that payroll calculations, elections, and changes in annual
  leave are properly calculated and recorded based on retained supporting documentation.
- Through the use of random leave reviews, ensure compliance with record retention, verify
  proper administration of employee’s leave election and validate the accuracy of changes made
  to employees leave balances.

FMC 10-03 – Accrued Payroll Controls (NFR No. TSA 10-03)

During our walkthrough of the accrued payroll process, we noted that TSA:
- Did not have adequate policies and procedures to ensure that TSA’s Human Resources (HR)
  provider performed a quality assurance over the processing of employee retirements.
- Did not have adequate policies and procedures to ensure that TSA’s HR provider performed
  sufficient quality assurance (QA) over the entry of personnel changes.

Recommendations:
We recommend that TSA:
- Work with the service provider to implement a quality review process for retirements.
- Continue to implement improvements and monitor Lockheed Martin’s QA process and
  conduct a separate Federal QA process.

FMC 10-04 – Accounts Receivable Controls (NFR No. TSA 10-04)

During our walkthrough of the accounts receivable process, we noted the following:
- TSA did not have documented policies and procedures in place to ensure a detailed review of
  the bankruptcy portion of the allowance for doubtful accounts and to ensure that all
  bankruptcy claims and payments received by TSA were completely and accurately updated in
  the analysis.
- TSA’s air carrier audit procedures were not properly designed to ensure the fees remitted and
  used for the accounts receivable balance calculation are complete and accurate. Specifically,
  we noted the selection of carriers for audit is not formally documented based on factors such
  as risk and adequate coverage. Additionally, procedures were not in place to ensure the
  results of the carrier audits selected were received and reviewed timely. We noted that the
  United Airlines audit was not completed timely (the audit was conducted in August of fiscal
  year (FY) 2009 and was not available in May 2010).

Recommendations:
We recommend that TSA:
- Review and update existing procedures to ensure timeliness of the air carrier audits.
- Review and update existing documentation to include risk assessment analysis upon which
  selection of air carriers for audit will be based.
- Review and update existing procedures to ensure completeness of the bankruptcy portion of
  the allowance of doubtful accounts analysis.

FMC 10-05 – Compliance with the Debt Collection Improvement Act of 1996 (DCIA)
(NFR No. TSA 10-06)

During FY 2010 TSA developed policies and procedures to address prior year non-compliance
with DCIA.
We noted however, the policy was not properly designed to ensure full compliance
with the provisions of DCIA for FY 2010. Specifically, we noted the policy stated that the Office
of Revenue will identify all delinquent debt greater than 180 days old for which demand letters
have been sent; however, the policy does not address debts that are past due over 180 days where
the demand letters have not been sent. TSA began cleanup activity of transferring debt to
Treasury in late FY 2009 that continued into FY 2010. We note that the law specifically applies
to past due, legally enforceable non-tax debt over 180 days (regardless of whether a demand letter
has been sent).

Specifically we noted the following instances of non-compliance:
- For 58 of 65 sample items selected, we noted that the demand letters were not sent to the
  debtor in a timely fashion.
- For 18 of 65 sample items selected, we noted that TSA did not refer debt outstanding 180
  days or greater to the Department of the Treasury in a timely manner.
- For 26 of 65 sample items selected, we noted that TSA did not refer debt outstanding 180
  days or greater to the Department of the Treasury.

Recommendation:
We recommend that TSA review and update existing policies to identify all debt past due and
issue demand letters in full compliance with DCIA.

FMC 10-06 – Ineffective Controls over the Time and Attendance Process (NFR No. TSA 10-08)

During our testwork over the time and attendance process, and our review of the related
supporting documentation we noted the following conditions:
- Controls over the review, approval, and retention of annual leave request forms were not
  operating effectively. Specifically:
  - 7 of 8 airports maintained the WebTA leave request submission, TSA’s equivalent of
    OPM Form-71, Request for Leave or Approved Absence, with time sheet
    documentation, rather than destroying this form once reviewed and approved by the
    employee and supervisor as noted in TSA’s policy.
  - 1 leave request was not dated by the supervising approver evidencing timely review
    and approval of the leave.
- Controls over the review and approval of timesheets were not operating effectively.
  Specifically, we noted:
  - Supervisor review and approval of timesheet was not dated (5 Instances):
    - 1 of 80 overtime requests was not dated by the approver evidencing timely
      review and approval.
    - 4 of 80 timesheets were not dated by the approver evidencing timely review
      and approval.
  - Timesheet was not signed by the employee (1 Instance):
    - 1 of 80 instances where the timesheet was not signed by the employee,
      despite leave taken.
  - Untimely approval (2 Instances):
    - 1 of 80 instances when the timesheet was approved on March 13, 2010.
      However the employee did not sign their timesheet until July 27, 2010.
    - 1 of 80 instances where the timesheet was signed 8 days prior to period end.
  - Discrepancies between timesheet and supporting documentation (1 Instance):
    - 1 of 80 instances where the supervisor approved overtime totaling 11 hours,
      however, the timesheet submitted only showed 10 hours of overtime worked.
- Policies and procedures were not properly implemented at the airport sites to ensure data
  entered into WebTA by timekeepers, once the supervisor had reviewed and approved the
  employee’s timesheet was accurate. Specifically we noted that a review of the employee’s
  timesheet was not performed by certifiers to ensure time is entered accurately into the system
  at all locations.

Recommendations:
We recommend that TSA:
- HRAccess personnel train appropriate personnel on time and attendance processing and
  proper retention of payroll related documents.
- Supplement online training for timekeepers and supervisors to sufficiently document
  prerequisite knowledge required to perform job functions in accordance with TSA Office of
  Human Capital Time and Attendance Administration Manual.

FMC 10-07 – Fund Balance with Treasury Controls (NFR No. TSA 10-10)

During our walkthrough of the fund balance with Treasury process, we noted that there were no
formal documented procedures and controls in place throughout the year to ensure that the
Segregation of Duties query included all entries processed throughout the fiscal year. The
Segregation of Duties query was used by TSA personnel to determine the individuals who enter
and approve warrants, transfers, and rescissions into the Budget Execution Module were properly
segregated. As a result, there was the potential for an individual to both enter and approve a
warrant, transfer, or rescission into the Budget Execution Module without it being detected and
corrected in a timely manner.

Recommendations:
We recommend that TSA:
- Perform a monthly review of budget execution transactions to ensure separation of duties
  between the approver and preparer.
- Expand the monthly review to include a quarterly reconciliation of warrant, transfer, and
  rescission transactions from the budget execution query report to the Core Accounting System
  (CAS) to ensure completeness of the budget execution query report.

FMC 10-08 – Accounts Payable Process (NFR No. TSA 10-12)

During our walkthrough of the accounts payable (AP) process, we noted:
- In the March 31, 2010 Financial Reporting Certification, TSA qualified its certification as the
  process for accruing for Other Transaction Agreements (OTAs) was being modified. As a
  result, TSA did not send confirmations for OTA’s and did not record a full accrual.
  Specifically, TSA stated: “Accounts Payable: TSA did not record a full accrual for accounts
  payable related to OTAs.
  TSA has modified its process for performing this accrual but did
  not send out confirmations to the vendors for the March reporting period.”
- The contracting officer’s technical representative’s (COTR) or contracting officer’s (CO)
  review of intragovernmental payment and collection (IPAC) transactions was not properly
  designed to ensure documented timely review.
- The AP subledger to GL reconciliation was not properly designed to ensure documented
  timely review.
- A lack of documented policies that ensure the results of the annual look-back analyses of the
  prior year balances are reviewed by management, discussed with management and
  appropriate adjustments taken, if appropriate.

Recommendations:
We recommend TSA:
- Prepare quarterly OTA AP accruals.
- Develop timelines for the AP accrual process during the first quarter of FY 2011 for the entire
  year, communicate to staff involved, and monitor through completion.
- Require management to note its approval of the AP subsidiary to GL reconciliation by either
  signature or email.
- Conduct an annual look back analysis at the prior year OTA accrual and require management
  to note its review of the look back by either signature or email.
- Develop processes and procedures for the COTR to review IPACs.
- Review existing
  Internal Standard Operating Procedures (ISOP) and policies regarding AP
  accruals and update to reflect the recommendations as needed.

FMC 10-09 – Untimely Update of Asset Transfers (NFR No. TSA 10-15)

TSA personnel did not consistently adhere to its policy requiring the timely update of the
Sunflower Asset Management System and retention of supporting documentation.

Specifically, we noted the following instances where assets were not physically located at the
location listed in TSA’s SAMS and TSA was unable to provide supporting documentation
evidencing the transfer of the asset:
- 5 instances where assets were transferred from Seattle airport prior to the date of the site visit.
  TSA was unable to provide transfer documentation and noted SAMS was not updated timely
  to reflect these transfers.
- 2 instances where assets were transferred from the Houston airport to the warehouse and TSA
  was unable to provide documentation to track the movement of the equipment.

Recommendations:
We recommend that TSA:
- Update its policies and procedures to ensure proper timing of the recording of property
  transfers between locations in SAMS.
- Develop policies and procedures for adequate documentation of the pick-up and delivery of
  TSA property to include training of all required personnel.
- Ensure transactions only occur upon the physical movement and receipt of TSA property.
- Develop and monitor metrics to ensure transactions are being completed timely and properly
  and the proper documentation is completed as necessary.

FMC 10-10 – Undelivered Orders (UDO) Documentation (NFR No. TSA 10-16)

TSA lacked sufficient internal controls to ensure proper adherence to contract management
policies, procedures, and controls.

Specifically, we noted the following instances where the balance or general ledger activity was
recorded improperly:

As of June 30, 2010:
- One IPAC return was applied to the wrong contract thus overstating the selected purchase
  order balance by $17,525.
- One UDO where the period of performance (POP) for this contract expired on March 10,
  2008. KPMG noted that a modification to de-obligate the remaining funds was executed in
  September 2008 but was never recorded in the General Ledger. As such, we noted that the
  balance was overstated by $6,949,250.
- One item where the balance per the obligating document was $3,829,480; however the
  balance per the GL was $4,429,480.

As of August 31, 2010:
- One sample item where the transaction line of obligation activity was $23 understated.

As of September 30, 2010:
- One item where the transaction line of obligation activity was $5,383 understated.
- One item where the transaction line of obligation activity was $18,483 overstated.
- One item where the transaction line of obligation activity was $370 overstated.
- One item where the obligation balance was not initiated for deobligation timely.

Additionally, we noted controls were not always operating effectively or according to policies.

Specifically, we noted instances where:
• Obligations were recorded in the GL prior to execution.
    • 8 instances in June 30, 2010 testwork
    • 1 instance in August 31, 2010 testwork
    • 2 instances in September 30, 2010 testwork
• The obligating document was not posted to the GL timely.
    • 3 instances in June 30, 2010 testwork
    • 2 instances in August 31, 2010 testwork
    • 3 instances in September 30, 2010 testwork
• The object class is incorrectly coded.
    • 30 instances in June 30, 2010 testwork
    • 1 instance in August 31, 2010 testwork
    • 1 instance in September 30, 2010 testwork
• TSA incurred and paid charges related to services provided outside of the POP for the contract.
    • 1 instance in September 30, 2010 testwork
• TSA recorded transactions which resulted in the obligation having a negative balance.
    • 1 instance in the amount of $131,426 in September 30, 2010 testwork.

Recommendations:
We recommend that TSA:
• Review existing policies and procedures to ensure that modifications for de-obligation of funds that pertain to expired option periods for active contracts are put into place.
• Review existing policies and procedures for contracting actions released by the CO in the Contract Information Management System to ensure they are adhered to and properly documented.
• Review existing policies and procedures for object classes to ensure TSA program business management offices are utilizing the proper object class codes on purchase requisitions and provide training to the user community.
• Review reclassification procedures to ensure sufficient controls are implemented to ensure that reclassifications are properly recorded.
• Review policies and procedures for entering manual obligations in the general ledger to ensure timely posting of obligations.

FMC 10-11 – Grant Monitoring and Compliance with the Single Audit Act (NFR No. TSA 10-23)

As a result of audit follow up on prior-year finding, TSA developed written policies and procedures for monitoring certain types of grants and grant expenditures. However, we noted that formal written policies, procedures, and controls for the monitoring of expenditures associated with the Canine and Law Enforcement Officer (LEO) programs along with OTAs and Letters of Intent (LOIs) were not in place throughout the year or documented in a centralized comprehensive manner.

Recommendation:
We recommend that TSA develop policies and procedures to monitor expenditures and work performed related to other transaction agreements for the Canine and LEO programs as well as OTAs and LOIs.

FMC 10-12 – Review of Journal Entries (NFR No. TSA 10-26)

TSA’s controls were not fully effective in FY 2010 to ensure that journal entry reviews were effective and supporting documentation was readily available. Specifically, we noted two instances related to property entries where supporting documentation used during the review of the journal entry was not filed and as such, was not readily available upon request.
Additionally, we noted both entries were approved as reversing, however, they should not have been reversing entries. A subsequent entry had to be posted to correct the error. The specific entries are as follows:
• One item did not have a supporting memorandum of record readily available that tied to the entry. Additionally, this entry was incorrectly coded as a reversing entry and was not corrected via the review and approval process prior to posting the initial entry. We noted a subsequent entry (in a different reporting month) had to be posted to correct the reversal.
• One item did not have appropriate supporting documentation readily available that tied to the entry. Additionally, this entry was incorrectly coded as a reversing entry and was not corrected via the review and approval process prior to posting the initial entry. We noted a subsequent entry (in a different reporting month) had to be posted to correct the reversal.

Recommendations:
We recommend that TSA:
• Review and update ISOP as necessary.
• Provide training on journal entry procedures to new hires as well as refresher training for current employees.
• Have the Internal Control Branch continue to perform reviews of the journal entry process.

FMC 10-13 – Review of Service Organizations’ Internal Controls (NFR No. TSA 10-27)

During FY 2010, TSA was unable to fully demonstrate the impact of its service providers’ control environment on TSA’s control environment. Specifically, Lockheed Martin’s control environment was not evaluated for the impact on TSA’s environment.
In addition, a period update from the Statement on Auditing Standards (SAS) 70 report issuance date to the DHS balance sheet date was not documented for United States Department of Agriculture’s (USDA) National Finance Center’s (NFC) control environment.

Recommendations:
We recommend that:
• The Office of Financial Management, Internal Control Branch continue to work with the Office of Human Capital to evaluate Lockheed Martin’s control environment.
• The Office of Financial Management, Internal Control Branch continue to follow the DHS issued policy and work with DHS to receive and review the period update for the NFC SAS 70 report.

FMC 10-14 – Accounts Payable Balance (NFR No. TSA 10-29)

Controls over the accounts payable accrual process were not fully effective, which resulted in errors to the balance sheet as of September 30, 2010. For example we noted that:
• The property accrual was understated in the draft financial statements due to unconfirmed or estimated vendors being excluded from analysis.
  Once identified, TSA reevaluated the need for an additional accrual related to incurred but unreported expenditures.
• The non-Federal accounts payable accrual was overstated in the draft financial statements. Data collected for the statistical calculation of the non-Fed accounts payable accrual inappropriately included and excluded certain vendors.

Recommendations:
We recommend that TSA:
• Review and update the property accounts payable accrual ISOP.
• Perform look backs on general non-Federal accounts payable to determine reasonableness of the accrual estimate.
• Review and update the general non-Federal accounts payable procedures ISOP as necessary.
• Develop and record accounts payable accruals on a quarterly basis.
• Have the Internal Control Branch continue to perform reviews of the accounts payable accrual process.

FMC 10-15 – Lease Accounting and Disclosure (NFR No. TSA 10-30)

During our testwork over leases, we noted fully effective controls were not in place for the entire year to ensure:
• The future minimum lease payments excluded amounts unrelated to rental payments.
  We noted one instance where payments made for leasehold improvements were improperly included in the footnote disclosure.
• We noted three instances where improvements paid for by TSA were included in the deferred rent liability calculation; two of these instances were corrected prior to year-end.

Recommendations:
We recommend that TSA:
• Review and document lessons learned from the FY 2010 cleanup and review activity for identifying and accounting for leases.
• Review the lease and leasehold improvement ISOPs and revise the straight-line analysis and deferred rent liability calculations.
• Implement and maintain processes for recording leases and leasehold improvements.
• Have the Internal Control Branch perform periodic reviews of lease and leasehold improvement activity.

Appendix A
Transportation Security Administration
Crosswalk - Financial Management Comments to NFRs
September 30, 2010

                                                                           Disposition¹
                                                                           IAR               FMC
NFR No.  Description                                                       MW    SD    NC    No.
10-01    Warehouse Inventory System and Procedures                                           10-01
10-02    Compliance with Human Resources Related Laws                                        10-02
10-03    Accrued Payroll Controls                                                            10-03
10-04    Accounts Receivable Controls                                                        10-04
10-05    Ineffective Controls at the Dallas Warehouse                      D
10-06    Noncompliance with Debt Collection Improvement Act of 1996                          10-05
10-07    Policies and Procedures over the Property, Plant, and Equipment   D
         (PP&E) Process
10-08    Ineffective Controls Over the Time and Attendance Process                           10-06
10-09    PP&E Site Visits                                                  D
10-10    Fund Balance with Treasury Controls                                                 10-07
10-11    Lack of Policies and Procedures Over Internal Use Software        D
10-12    Accounts Payable Process                                                            10-08
10-13    Incorrect Trading Partner Codes                                   A
10-14    Accounting for Other Direct Costs Incurred in FY 2009 and Prior   D
10-15    Untimely Update of Asset Transfers                                                  10-09
10-16    Undelivered Orders Documentation                                                    10-10
10-17    Entity-Level Controls                                             A, D
10-18    Number not used                                                   Not applicable
10-19    Reporting PP&E                                                    D
10-20    Financial Reporting Deficiencies                                  A
10-21    Non-Compliance with the Federal Financial Management                          J
         Improvement Act of 1996
10-22    Number not used
10-23    Grant Monitoring and Compliance with OMB Circular No. A-133,                        10-11
         Audit of States, Local Governments and Nonprofit Organizations
10-24    Number not used                                                   Not applicable
10-25    Number not used                                                   Not applicable
10-26    Review of Journal Vouchers                                                          10-12
10-27    Review of Service Organizations’ Internal Controls                                  10-13
10-28    Number not used                                                   Not applicable
10-29    Accounts Payable Balance                                                            10-14
10-30    Lease Accounting and Disclosure                                                     10-15

¹ Disposition Legend:
IAR   Independent Auditors’ Report dated November 12, 2010
FMC   Financial Management Comment
MW    Contributed to a Material Weakness at the Department level when combined with the results of all other components
SD    Contributed to a Significant Deficiency at the Department level when combined with the results of all other components
NC    Contributed to Noncompliance with laws, regulations, contracts, and grant agreements at the Department level when combined with the results of all other components
NFR   Notice of Finding and Recommendation

Cross-reference to the applicable sections of the IAR:
A     Financial Management and Reporting
B     Information Technology Controls and System Functionality
C     Fund Balance with Treasury
D     Property, Plant, and Equipment
E     Actuarial and Other Liabilities
F     Budgetary Accounting
G     Other Entity-Level Controls
H     Custodial Revenue and Drawback
I     Federal Managers’ Financial Integrity Act of 1982 (FMFIA), and Laws and Regulations Supporting OMB Circular No. A-50, Audit Followup, as revised
J     Federal Financial Management Improvement Act of 1996 (FFMIA)
K     Single Audit Act Amendments of 1996
L     Chief Financial Officers Act of 1990 (CFO Act)
M     Antideficiency Act, as amended (ADA)
N     Government Performance and Results Act of 1993 (GPRA)

Appendix B
Transportation Security Administration
Status of Prior Year NFRs
September 30, 2010

                                                                           Disposition¹
                                                                                     Repeat
NFR No.  Description                                                       Closed²   (2010 NFR No.)
09-01    Number not used                                                   Not applicable
09-02    Number not used                                                   Not applicable
09-03    Number not used                                                   Not applicable
09-04    Incorrect Trading Partner Codes                                             TSA 10-13
09-05    Undelivered Orders Documentation                                            TSA 10-16
09-06    Number not used                                                   Not applicable
09-07    Number not used                                                   Not applicable
09-08    Number not used                                                   Not applicable
09-09    Financial Reporting Deficiencies                                            TSA 10-20
09-10    Required Supplementary Stewardship Information                    X
09-11    Non-Compliance with Debt Collection Improvement Act (DCIA) of               TSA 10-06
         1996
09-12    Number not used                                                   Not applicable
09-13    Noncompliance with FFMIA                                                    TSA 10-21
09-14    Noncompliance with FMFIA                                          X
09-15    Grant Monitoring and Compliance with OMB Circular No. A-133,                TSA 10-23
         Audit of States, Local Governments, and Nonprofit Organizations
09-16    Noncompliance with Human Resources Related Laws                             TSA 10-02
09-17    Number not used                                                   Not applicable
09-18    Ineffectiveness of Controls over the Time & Attendance Process              TSA 10-08
09-19    Policies and Procedures to Ensure Compliance with GAAP            X
09-20    Number not used                                                   Not applicable
09-21    Untimely Update of Asset Transfers                                          TSA 10-15
09-22    Warehouse Property Impairment                                     X
09-23    Number not used                                                   Not applicable
09-24    Review of Journal Vouchers                                                  TSA 10-26
09-25    Review of Service Organizations’ Internal Controls                          TSA 10-27
09-26    Incorrect Classification of Obligations as Fed or Non-Fed         X
09-27    Accounts Payable Balance                                                    TSA 10-29
09-28    Reporting PP&E                                                              TSA 10-19
09-29    Entity-Level Controls                                                       TSA 10-17
09-30    Lease Accounting and Disclosure                                             TSA 10-30
09-31    Ineffective Controls at the Dallas Warehouse                                TSA 10-05
09-32    GAO Checklist Review                                              X
09-33    PP&E Site Visits                                                            TSA 10-09
09-34    Fund Balance with Treasury Controls                                         TSA 10-10
09-35    Lack/Ineffectiveness of Controls over the Accounts Receivable               TSA 10-04
         Process
09-36    Controls over Payroll Procedures                                            TSA 10-03
09-37    Procurement Controls                                              X
09-38    Policies and Procedures over the PP&E Process                               TSA 10-07
09-39    Accounts Payable Controls                                                   TSA 10-12
09-40    Lack of Policies and Procedures over the Deployment of IUS                  TSA 10-11
09-41    Unavailability of Supporting Documentation                        X
09-42    Net Position Controls                                             X

¹ KPMG was engaged to perform an audit over the DHS balance sheet and statement of custodial activity as of and for the year ended September 30, 2010, and was not engaged to perform an audit over the statement of net cost, statement of changes in net position, and statement of budgetary resources for the year ended September 30, 2010. In addition, we were engaged to follow up on the status of all active NFRs that supported significant deficiencies reported in KPMG’s Independent Auditors’ Report dated November 13, 2009.
² NFRs were closed either through remediation of the findings or because we were not engaged to follow up on active NFRs that did not support significant deficiencies reported in KPMG’s Independent Auditors’ Report dated November 13, 2009.

Appendix C
Transportation Security Administration
Management Response to the Management Letter

Transportation Security Administration

Anne L. Richards
Assistant Inspector General for Audits
Department of Homeland Security
Office of Inspector General
245 Murray Lane, SW
Building 410
Washington, DC 20528

Dear Ms. Richards:

Thank you for the opportunity to comment on the Draft Report: Management Letter for the FY2010 Transportation Security Administration’s Financial Statement Audit. TSA concurs with all findings and recommendations outlined in the report and has confirmed that the report agrees with the individual NFRs issued by the independent auditors, KPMG. We are currently in process of implementing the Mission Action Plans (MAPs) which address the audit recommendations.
Again, TSA appreciates the opportunity to review the report, and we look forward to working with your team during the upcoming FY 2011 Financial Statement Audit.

Sincerely,

Assistant Administrator and Chief Financial Officer
Office of Finance and Administration

File: 1000.2.1-a

Report Distribution

Department of Homeland Security

Secretary
Deputy Secretary
Chief of Staff
Deputy Chief of Staff
General Counsel
Executive Secretariat
Director, GAO/OIG Liaison Office
Assistant Secretary for Office of Policy
Assistant Secretary for Office of Public Affairs
Assistant Secretary for Office of Legislative Affairs
Chief Financial Officer
Chief Information Officer

Office of Management and Budget

Chief, Homeland Security Branch
DHS OIG Budget Examiner

Congress

Congressional Oversight and Appropriations Committees, as appropriate

ADDITIONAL INFORMATION AND COPIES

To obtain additional copies of this report, please call the Office of Inspector General (OIG) at (202) 254-4100, fax your request to (202) 254-4305, or visit the OIG web site at www.dhs.gov/oig.

OIG HOTLINE

To report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal or noncriminal misconduct relative to department programs or operations:

• Call our Hotline at 1-800-323-8603;
• Fax the complaint directly to us at (202) 254-4292;
• Email us at DHSOIGHOTLINE@dhs.gov; or
• Write to us at:
  DHS Office of Inspector General/MAIL STOP 2600,
  Attention: Office of Investigations - Hotline,
  245 Murray Drive, SW, Building 410,
  Washington, DC 20528.

The OIG seeks to protect the identity of each writer and caller.